Re: Gnumeric/Guile/Python

From: James Henstridge <james daa com au>
To: Miguel de Icaza <miguel nuclecu unam mx>
cc: lukka fas harvard edu, dmiller ilogic com au, goldin flight uchicago edu, gnome-list gnome org
Subject: Re: Gnumeric/Guile/Python
Date: Thu, 27 May 1999 10:31:28 +0800 (WST)

The python sandbox model can do that as well.

You have complete control over modules that the script can import (even
giving the script a `fake' module object that could check function calls
down to the argument level before allowing it to proceed).  This way, you
could for instance prevent the script from importing the socket module
(ie. no networking allowed), or check calls to the file open function to
see if they are allowed to read/write a particular file.

You can get as fine grained security as you want with this setup.  Still,
I agree that this type of thing should wait until we can assess possible
problems.

James.

--
Email: james@daa.com.au
WWW:   http://www.daa.com.au/~james/

On Wed, 26 May 1999, Miguel de Icaza wrote:

> 
> > 	  use Safe;
> > 	  $s = Safe->new(...);
> > 	  $s->eval($code);
> > 
> > should do it. Of course, this disallows file io completely.
> 
> Excellent.  This sounds good.
> 
> Now, we still need a mechanism in the "Safe" environment to not allow
> the code in perl/python to be able to modify any sheet/workbook which
> is not the current one.
> 
> best wishes,
> Miguel.
> 
> 
> -- 
>         FAQ: Frequently-Asked Questions at http://www.gnome.org/gnomefaq
>          To unsubscribe: mail gnome-list-request@gnome.org with 
>                        "unsubscribe" as the Subject.
>

Follow-Ups:
- Re: Gnumeric/Guile/Python
  - From: Ian McKellar

References:
- Re: Gnumeric/Guile/Python
  - From: Miguel de Icaza

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]